Adds support for using Terraform modules cached locally (#940)
* add: support for using already downloaded remote module from terraform cache

* code nits: added comments

* added e2e test for --use-terraform-cache flag

* added unit test for newly added function

* adds usage of --non-recursive and --use-terraform-cache in docs

* Update run.go

Fixes typo

* code nits: type fix and code implementation changes

* Adds: use of map to pass scan options to IaC provider

- changed interface method signature to accept map parameter so that we can pass any no of flag to implementer without changing method signature.
- moved the non recursive flag to map to achieve uniformity
- In terraform used switch for flag identification so that in future new flag or option provided just need to add another case rather than if/else

* Update README.md (#945)

updated all links.

* update helm chart progress checklist (#943)

We do support TLS certificate/key in existing secrets

* Update mkdocs-material from 7.1.11 to 7.2.0 (#939)

* fix - config only option used with remote repo scan generates panic (#948)

* Update mkdocs-material from 7.2.0 to 7.2.1 (#947)

* Adds Terrascan pre-commit (#953)

Adds pre-commit integration for Terrascan

Co-authored-by: mihirhasan <cs-mihirhasan@accurics.com>

* Update mkdocs-material from 7.2.1 to 7.2.2 (#954)

* terraform cache use with non recursive dir scan

- modified code to make scan directory non recursively when --use-terraform-cache is used.
- modified scan command flag description and docs accordingly.

* fixes: docker implementer for map parameter

- modified docker LoadIacDir and LoadIacFile method to accept map parameter
- registered docker as cloud provider so that docker policies will be used from '.terrascan' folder

* code nits: removed unwanted if conditions and added error logs

Co-authored-by: Cesar Rodriguez <cesar@accurics.com>
Co-authored-by: Sangam Biradar <sangam14@users.noreply.github.com>
Co-authored-by: Devang Gaur <devang.gaur@accurics.com>
Co-authored-by: pyup.io bot <github-bot@pyup.io>
Co-authored-by: Pankaj Patil <patilpankaj212@gmail.com>
Co-authored-by: mihirhasan <38732914+mihirhasan@users.noreply.github.com>
Co-authored-by: mihirhasan <cs-mihirhasan@accurics.com>
8 people authored Aug 5, 2021
1 parent 11db729 commit 5477227
Showing 67 changed files with 901 additions and 328 deletions.
3 changes: 3 additions & 0 deletions docs/usage/command_line_mode.md
Expand Up @@ -205,6 +205,8 @@ aws_ecr_repository:
| |scan-rules|Specify rules to scan, example: --scan-rules="ruleID1,ruleID2"|
| |skip-rules|Specify one or more rules to skip while scanning. Example: --skip-rules="ruleID1,ruleID2"|
| |use-colours |Configure the color for output (**auto**, t, f) |
|--non-recursive |Use this for non recursive directories and modules scan | By default directory is scanned recursively, if this flag is used then only provided root directory will be scanned|
|--use-terraform-cache |Use this to refer terraform remote modules from terraform init cache rather than downloading | By default remote module will be downloaded in temporary directory. If this flag is set then modules will be refered from terraform init cache if module is not present in terraform init cache it will be downloaded. Directory will be scanned non recurively if this flag is used.(applicable only with terraform IaC provider)|
| -v | verbose | Displays violations with all details |

| Global flags | Description | Options |
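Review bot: The two added table rows put the long flag in the first column (`|--non-recursive |`, `|--use-terraform-cache |`), while the neighbouring rows keep the first column for the short flag and put the bare name in the second (`| |scan-rules|...`, `| -v | verbose |`), so name and description land in different columns from the rest of the table; align them with the existing layout. The `--use-terraform-cache` row also has typos ("refered", "recurively") and should say which directory counts as the terraform init cache, since with this flag the scanned module content is whatever is on disk there rather than a fresh download.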
Expand Down Expand Up @@ -246,6 +248,7 @@ Flags:
--show-passed display passed rules, along with violations
--skip-rules strings one or more rules to skip while scanning (example: --skip-rules="ruleID1,ruleID2")
--use-colors string color output (auto, t, f) (default "auto")
--use-terraform-cache use terraform init cache for remote modules (when used directory scan will be non recursive,flag applicable only with terraform IaC provider)
-v, --verbose will show violations with details (applicable for default output)

Global Flags:
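Review bot: The `--use-terraform-cache` help line here reads "non recursive,flag applicable" with no space after the comma, while the string registered in pkg/cli/scan.go has "non recursive, flag applicable". This block is meant to mirror the command's help output, so copy the text from the flag definition to keep the two from drifting.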
3 changes: 2 additions & 1 deletion go.mod
Expand Up @@ -9,6 +9,7 @@ replace (
)

require (
github.com/BurntSushi/toml v0.4.0 // indirect
github.com/VerbalExpressions/GoVerbalExpressions v0.0.0-20200410162751-4d76a1099a6e
github.com/awslabs/goformation/v4 v4.19.1
github.com/ghodss/yaml v1.0.0
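Review bot: `github.com/BurntSushi/toml v0.4.0 // indirect` is a new requirement in this hunk, and the next hunk moves `golang.org/x/tools` from v0.1.4 to v0.1.5, yet neither is mentioned in the commit message, which is about the terraform cache flag. Please state which direct dependency needs them or move the bumps to their own commit, so dependency changes can be reviewed and reverted separately from the feature.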
Expand Down Expand Up @@ -42,7 +43,7 @@ require (
github.com/zclconf/go-cty v1.8.3
go.uber.org/zap v1.16.0
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c
golang.org/x/tools v0.1.4 // indirect
golang.org/x/tools v0.1.5 // indirect
gopkg.in/src-d/go-git.v4 v4.13.1
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
helm.sh/helm/v3 v3.4.0
13 changes: 13 additions & 0 deletions go.sum
Expand Up @@ -124,6 +124,16 @@ github.com/Azure/go-ntlmssp v0.0.0-20180810175552-4a21cbd618b4/go.mod h1:chxPXzS
github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/toml v0.3.2-0.20210614224209-34d990aa228d/go.mod h1:2QZjSXA5e+XyFeCAxxtL8Z4StYUsTquL8ODGPR3C3MA=
github.com/BurntSushi/toml v0.3.2-0.20210621044154-20a94d639b8e/go.mod h1:t4zg8TkHfP16Vb3x4WKIw7zVYMit5QFtPEO8lOWxzTg=
github.com/BurntSushi/toml v0.3.2-0.20210624061728-01bfc69d1057/go.mod h1:NMj2lD5LfMqcE0w8tnqOsH6944oaqpI1974lrIwerfE=
github.com/BurntSushi/toml v0.3.2-0.20210704081116-ccff24ee4463/go.mod h1:EkRrMiQQmfxK6kIldz3QbPlhmVkrjW1RDJUnbDqGYvc=
github.com/BurntSushi/toml v0.4.0 h1:qD/r9AL67srjW6O3fcSKZDsXqzBNX6ieSRywr2hRrdE=
github.com/BurntSushi/toml v0.4.0/go.mod h1:wtejDu7Q0FhCWAo2aXkywSJyYFg01EDTKozLNCz2JBA=
github.com/BurntSushi/toml-test v0.1.1-0.20210620192437-de01089bbf76/go.mod h1:P/PrhmZ37t5llHfDuiouWXtFgqOoQ12SAh9j6EjrBR4=
github.com/BurntSushi/toml-test v0.1.1-0.20210624055653-1f6389604dc6/go.mod h1:UAIt+Eo8itMZAAgImXkPGDMYsT1SsJkVdB5TuONl86A=
github.com/BurntSushi/toml-test v0.1.1-0.20210704062846-269931e74e3f/go.mod h1:fnFWrIwqgHsEjVsW3RYCJmDo86oq9eiJ9u6bnqhtm2g=
github.com/BurntSushi/toml-test v0.1.1-0.20210723065233-facb9eccd4da/go.mod h1:ve9Q/RRu2vHi42LocPLNvagxuUJh993/95b18bw/Nws=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/ChrisTrenkamp/goxpath v0.0.0-20170922090931-c385f95c6022/go.mod h1:nuWgzSkT5PnyOd+272uUmV0dnAnAn42Mk7PiQC5VzN4=
github.com/ChrisTrenkamp/goxpath v0.0.0-20190607011252-c5096ec8773d/go.mod h1:nuWgzSkT5PnyOd+272uUmV0dnAnAn42Mk7PiQC5VzN4=
Expand Down Expand Up @@ -1805,6 +1815,8 @@ golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4f
golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
golang.org/x/tools v0.1.4 h1:cVngSRcfgyZCzys3KYOpCFa+4dqX/Oub9tAq00ttGVs=
golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.5 h1:ouewzE6p+/VEB31YYnTbEJdi8pFqKp4P4n85vwo3DHA=
golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
Expand Down Expand Up @@ -2095,3 +2107,4 @@ sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1
sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0=
sourcegraph.com/sqs/pbtypes v1.0.0/go.mod h1:3AciMUv4qUuRHRHhOG4TZOB+72GdPVz5k+c648qsFS4=
vbom.ml/util v0.0.0-20160121211510-db5cfe13f5cc/go.mod h1:so/NYdZXCz+E3ZpW0uAoCj6uzU2+8OWDFv/HxUSs7kI=
zgo.at/zli v0.0.0-20210619044753-e7020a328e59/go.mod h1:HLAc12TjNGT+VRXr76JnsNE3pbooQtwKWhX+RlDjQ2Y=
7 changes: 5 additions & 2 deletions pkg/cli/run.go
Expand Up @@ -88,14 +88,17 @@ type ScanOptions struct {
// severity is the level of severity of policy violations that should be reported
severity string

// verbose indicates whether to display all fields in default human readlbe output
// verbose indicates whether to display all fields in default human readable output
verbose bool

// showPassedRules indicates whether to display passed rules or not
showPassedRules bool

// nonRecursive enables recursive scan for the terraform iac provider
nonRecursive bool

// useTerraformCache provides ability to use terraform init local cache for modules rather than downloading them.
useTerraformCache bool
}

// NewScanOptions returns a new pointer to ScanOptions
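Review bot: The context comment on `nonRecursive` says it "enables recursive scan", which is the opposite of what the field name and the `--non-recursive` flag description say; since this hunk already fixes the neighbouring "readable" typo, correct that comment too. The new `useTerraformCache` comment should also mention that setting it makes the directory scan non-recursive, as the flag description and docs state.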
Expand Down Expand Up @@ -181,7 +184,7 @@ func (s *ScanOptions) Run() error {

// create a new runtime executor for processing IaC
executor, err := runtime.NewExecutor(s.iacType, s.iacVersion, s.policyType,
s.iacFilePath, s.iacDirPath, s.policyPath, s.scanRules, s.skipRules, s.categories, s.severity, s.nonRecursive)
s.iacFilePath, s.iacDirPath, s.policyPath, s.scanRules, s.skipRules, s.categories, s.severity, s.nonRecursive, s.useTerraformCache)
if err != nil {
return err
}
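Review bot: `NewExecutor` now ends in two adjacent positional bools (`s.nonRecursive, s.useTerraformCache`), which the compiler cannot tell apart if a caller swaps them. The commit message says the IaC provider methods moved to a map so that new flags do not change the signature; the same reasoning applies here, so consider passing a single options value to `NewExecutor` instead of growing the parameter list again.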
1 change: 1 addition & 0 deletions pkg/cli/scan.go
Expand Up @@ -72,5 +72,6 @@ func init() {
scanCmd.Flags().StringSliceVarP(&scanOptions.categories, "categories", "", []string{}, "list of categories of violations to be reported by terrascan (example: --categories=\"category1,category2\")")
scanCmd.Flags().BoolVarP(&scanOptions.showPassedRules, "show-passed", "", false, "display passed rules, along with violations")
scanCmd.Flags().BoolVarP(&scanOptions.nonRecursive, "non-recursive", "", false, "do not scan directories and modules recursively")
scanCmd.Flags().BoolVarP(&scanOptions.useTerraformCache, "use-terraform-cache", "", false, "use terraform init cache for remote modules (when used directory scan will be non recursive, flag applicable only with terraform IaC provider)")
RegisterCommand(rootCmd, scanCmd)
}
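Review bot: The description on the `use-terraform-cache` flag says it applies only to the terraform IaC provider and turns the directory scan non-recursive, but nothing in the registration shown here warns the user when it is combined with another IaC type or when it overrides the default recursive scan. If that is not handled where the option is consumed, log a warning there so a narrower scan than expected does not go unnoticed.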
4 changes: 2 additions & 2 deletions pkg/http-server/file-scan.go
Expand Up @@ -152,10 +152,10 @@ func (g *APIHandler) scanFile(w http.ResponseWriter, r *http.Request) {
var executor *runtime.Executor
if g.test {
executor, err = runtime.NewExecutor(iacType, iacVersion, cloudType,
tempFile.Name(), "", []string{"./testdata/testpolicies"}, scanRules, skipRules, categories, severity, false)
tempFile.Name(), "", []string{"./testdata/testpolicies"}, scanRules, skipRules, categories, severity, false, false)
} else {
executor, err = runtime.NewExecutor(iacType, iacVersion, cloudType,
tempFile.Name(), "", getPolicyPathFromConfig(), scanRules, skipRules, categories, severity, false)
tempFile.Name(), "", getPolicyPathFromConfig(), scanRules, skipRules, categories, severity, false, false)
}
if err != nil {
zap.S().Error(err)
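Review bot: Both `NewExecutor` calls in `scanFile` now end in `severity, false, false`, and a reader cannot tell which literal is nonRecursive and which is useTerraformCache without opening the constructor. Name them (local constants or a short trailing comment) so a later reorder of the parameters is caught in review.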
2 changes: 1 addition & 1 deletion pkg/http-server/remote-repo.go
Expand Up @@ -128,7 +128,7 @@ func (s *scanRemoteRepoReq) ScanRemoteRepo(iacType, iacVersion string, cloudType

// create a new runtime executor for scanning the remote repo
executor, err := runtime.NewExecutor(iacType, iacVersion, cloudType,
"", iacDirPath, policyPath, s.ScanRules, s.SkipRules, s.Categories, s.Severity, s.NonRecursive)
"", iacDirPath, policyPath, s.ScanRules, s.SkipRules, s.Categories, s.Severity, s.NonRecursive, false)
if err != nil {
zap.S().Error(err)
return output, isAdmissionDenied, err
4 changes: 2 additions & 2 deletions pkg/iac-providers/arm/v1/load-dir.go
Expand Up @@ -35,7 +35,7 @@ import (
const iacFile = "IAC file"

// LoadIacDir loads all ARM template files in the current directory.
func (a *ARMV1) LoadIacDir(absRootDir string, nonRecursive bool) (output.AllResourceConfigs, error) {
func (a *ARMV1) LoadIacDir(absRootDir string, options map[string]interface{}) (output.AllResourceConfigs, error) {
// set the root directory being scanned
a.absRootDir = absRootDir
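Review bot: `LoadIacDir` now takes `options map[string]interface{}`, but the doc comment still only says it loads all ARM template files and does not list which keys a provider may expect or what type each value has. Every read of an `interface{}` value needs a type assertion, so document the recognised keys on the interface (or define them as exported constants) and have readers use the two-value form of the assertion so a value of the wrong type does not panic.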

Expand All @@ -62,7 +62,7 @@ func (a *ARMV1) LoadIacDir(absRootDir string, nonRecursive bool) (output.AllReso
a.tryGetParameters(*files[i], fileDir, files)

var configData output.AllResourceConfigs
if configData, err = a.LoadIacFile(file); err != nil {
if configData, err = a.LoadIacFile(file, options); err != nil {
errMsg := fmt.Sprintf("error while loading iac file '%s'. err: %v", file, err)
zap.S().Debug("error while loading iac files", zap.String("IAC file", file), zap.Error(err))
a.errIacLoadDirs = multierror.Append(a.errIacLoadDirs, results.DirScanErr{IacType: "arm", Directory: fileDir, ErrMessage: errMsg})
7 changes: 5 additions & 2 deletions pkg/iac-providers/arm/v1/load-dir_test.go
Expand Up @@ -71,6 +71,7 @@ func TestLoadIacDir(t *testing.T) {
armv1 ARMV1
name string
dirPath string
options map[string]interface{}
}{
{
name: "empty config",
Expand All @@ -94,7 +95,7 @@ func TestLoadIacDir(t *testing.T) {

for _, tt := range table {
t.Run(tt.name, func(t *testing.T) {
aRC, gotErr := tt.armv1.LoadIacDir(tt.dirPath, false)
aRC, gotErr := tt.armv1.LoadIacDir(tt.dirPath, tt.options)
me, ok := gotErr.(*multierror.Error)
if !ok {
t.Errorf("expected multierror.Error, got %T", gotErr)
Expand Down Expand Up @@ -127,6 +128,8 @@ func TestARMMapper(t *testing.T) {
t.Error(err)
}

options := make(map[string]interface{})

armv1 := ARMV1{}

// get output json to verify
Expand All @@ -143,7 +146,7 @@ func TestARMMapper(t *testing.T) {

t.Run(root, func(t *testing.T) {

allResourceConfigs, gotErr := armv1.LoadIacDir(root, false)
allResourceConfigs, gotErr := armv1.LoadIacDir(root, options)
_, ok := gotErr.(*multierror.Error)
if !ok {
t.Errorf("expected multierror.Error, got %T", gotErr)
2 changes: 1 addition & 1 deletion pkg/iac-providers/arm/v1/load-file.go
Expand Up @@ -34,7 +34,7 @@ import (

// LoadIacFile loads the specified ARM template file.
// Note that a single ARM template json file may contain multiple resource definitions.
func (a *ARMV1) LoadIacFile(absFilePath string) (allResourcesConfig output.AllResourceConfigs, err error) {
func (a *ARMV1) LoadIacFile(absFilePath string, options map[string]interface{}) (allResourcesConfig output.AllResourceConfigs, err error) {
allResourcesConfig = make(output.AllResourceConfigs)
if fileExt := a.getFileType(absFilePath); fileExt != JSONExtension {
return allResourcesConfig, fmt.Errorf("unsupported file %s", absFilePath)
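Review bot: `LoadIacFile` gains an `options` parameter, but the doc comment above it is unchanged and the lines shown here do not read it. If ARM ignores all options, say so in the comment (or name the parameter `_`) so readers do not assume that flags such as non-recursive take effect for this provider.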
6 changes: 4 additions & 2 deletions pkg/iac-providers/arm/v1/load-file_test.go
Expand Up @@ -31,6 +31,7 @@ func TestLoadIacFile(t *testing.T) {
table := []struct {
wantErr error
want output.AllResourceConfigs
options map[string]interface{}
armv1 ARMV1
name string
filePath string
Expand Down Expand Up @@ -58,7 +59,7 @@ func TestLoadIacFile(t *testing.T) {

for _, tt := range table {
t.Run(tt.name, func(t *testing.T) {
_, gotErr := tt.armv1.LoadIacFile(tt.filePath)
_, gotErr := tt.armv1.LoadIacFile(tt.filePath, tt.options)
if !reflect.DeepEqual(gotErr, tt.wantErr) {
t.Errorf("unexpected error; gotErr: '%v', wantErr: '%v'", gotErr, tt.wantErr)
} else if tt.typeOnly && (reflect.TypeOf(gotErr)) != reflect.TypeOf(tt.wantErr) {
Expand All @@ -72,6 +73,7 @@ func TestLinkedTemplateDownload(t *testing.T) {
table := []struct {
wantErr error
want output.AllResourceConfigs
options map[string]interface{}
armv1 ARMV1
name string
filePath string
Expand Down Expand Up @@ -113,7 +115,7 @@ func TestLinkedTemplateDownload(t *testing.T) {

for _, tt := range table {
t.Run(tt.name, func(t *testing.T) {
aRC, gotErr := tt.armv1.LoadIacFile(tt.filePath)
aRC, gotErr := tt.armv1.LoadIacFile(tt.filePath, tt.options)
if !reflect.DeepEqual(gotErr, tt.wantErr) {
t.Errorf("unexpected error; gotErr: '%v', wantErr: '%v'", gotErr, tt.wantErr)
} else if tt.typeOnly && (reflect.TypeOf(gotErr)) != reflect.TypeOf(tt.wantErr) {
4 changes: 2 additions & 2 deletions pkg/iac-providers/cft/v1/load-dir.go
Expand Up @@ -29,7 +29,7 @@ import (
)

// LoadIacDir loads all CFT template files in the current directory.
func (a *CFTV1) LoadIacDir(absRootDir string, nonRecursive bool) (output.AllResourceConfigs, error) {
func (a *CFTV1) LoadIacDir(absRootDir string, options map[string]interface{}) (output.AllResourceConfigs, error) {
a.absRootDir = absRootDir

allResourcesConfig := make(map[string][]output.ResourceConfig)
Expand All @@ -45,7 +45,7 @@ func (a *CFTV1) LoadIacDir(absRootDir string, nonRecursive bool) (output.AllReso
file := filepath.Join(fileDir, *files[i])

var configData output.AllResourceConfigs
if configData, err = a.LoadIacFile(file); err != nil {
if configData, err = a.LoadIacFile(file, options); err != nil {
errMsg := fmt.Sprintf("error while loading iac file '%s', err: %v", file, err)
zap.S().Debug("error while loading iac files", zap.String("IAC file", file), zap.Error(err))
a.errIacLoadDirs = multierror.Append(a.errIacLoadDirs, results.DirScanErr{IacType: "cft", Directory: fileDir, ErrMessage: errMsg})
7 changes: 4 additions & 3 deletions pkg/iac-providers/cft/v1/load-dir_test.go
Expand Up @@ -64,6 +64,7 @@ func TestLoadIacDir(t *testing.T) {
cftv1 CFTV1
name string
dirPath string
options map[string]interface{}
}{
{
name: "empty config",
Expand Down Expand Up @@ -95,7 +96,7 @@ func TestLoadIacDir(t *testing.T) {

for _, tt := range table {
t.Run(tt.name, func(t *testing.T) {
_, gotErr := tt.cftv1.LoadIacDir(tt.dirPath, false)
_, gotErr := tt.cftv1.LoadIacDir(tt.dirPath, tt.options)
me, ok := gotErr.(*multierror.Error)
if !ok {
t.Errorf("expected multierror.Error, got %T", gotErr)
Expand All @@ -117,12 +118,12 @@ func TestCFTMapper(t *testing.T) {
if err != nil {
log.Fatal(err)
}

options := make(map[string]interface{})
cftv1 := CFTV1{}
for _, dir := range dirList {
resourceDir := filepath.Join(root, dir.Name())
t.Run(resourceDir, func(t *testing.T) {
allResourceConfigs, gotErr := cftv1.LoadIacDir(resourceDir, false)
allResourceConfigs, gotErr := cftv1.LoadIacDir(resourceDir, options)

// load expected output.json from test artifacts
var testArc output.AllResourceConfigs
2 changes: 1 addition & 1 deletion pkg/iac-providers/cft/v1/load-file.go
Expand Up @@ -32,7 +32,7 @@ import (

// LoadIacFile loads the specified CFT template file.
// Note that a single CFT template json file may contain multiple resource definitions.
func (a *CFTV1) LoadIacFile(absFilePath string) (allResourcesConfig output.AllResourceConfigs, err error) {
func (a *CFTV1) LoadIacFile(absFilePath string, options map[string]interface{}) (allResourcesConfig output.AllResourceConfigs, err error) {
fileData, err := ioutil.ReadFile(absFilePath)
if err != nil {
zap.S().Debug("unable to read file", zap.Error(err), zap.String("file", absFilePath))
3 changes: 2 additions & 1 deletion pkg/iac-providers/cft/v1/load-file_test.go
Expand Up @@ -43,6 +43,7 @@ func TestLoadIacFile(t *testing.T) {
name string
filePath string
typeOnly bool
options map[string]interface{}
}{
{
wantErr: fmt.Errorf(testErrString1),
Expand Down Expand Up @@ -77,7 +78,7 @@ func TestLoadIacFile(t *testing.T) {

for _, tt := range table {
t.Run(tt.name, func(t *testing.T) {
_, gotErr := tt.cftv1.LoadIacFile(tt.filePath)
_, gotErr := tt.cftv1.LoadIacFile(tt.filePath, tt.options)
if !reflect.DeepEqual(gotErr, tt.wantErr) {
t.Errorf("unexpected error; gotErr: '%+v', wantErr: '%+v'", gotErr, tt.wantErr)
} else if tt.typeOnly && (reflect.TypeOf(gotErr)) != reflect.TypeOf(tt.wantErr) {
4 changes: 2 additions & 2 deletions pkg/iac-providers/docker/v1/load-dir.go
Expand Up @@ -28,7 +28,7 @@ import (
)

// LoadIacDir loads the docker file specified in given folder.
func (dc *DockerV1) LoadIacDir(absRootDir string, nonRecursive bool) (output.AllResourceConfigs, error) {
func (dc *DockerV1) LoadIacDir(absRootDir string, options map[string]interface{}) (output.AllResourceConfigs, error) {
// set the root directory being scanned
dc.absRootDir = absRootDir

Expand All @@ -49,7 +49,7 @@ func (dc *DockerV1) LoadIacDir(absRootDir string, nonRecursive bool) (output.All
for i := range files {
file := filepath.Join(fileDir, *files[i])
var configData output.AllResourceConfigs
if configData, err = dc.LoadIacFile(file); err != nil {
if configData, err = dc.LoadIacFile(file, options); err != nil {
errMsg := fmt.Sprintf("error while parsing file %s", file)
zap.S().Errorf("error while searching for iac files", zap.String("root dir", absRootDir), errMsg)
dc.errIacLoadDirs = multierror.Append(dc.errIacLoadDirs, results.DirScanErr{IacType: "docker", Directory: absRootDir, ErrMessage: errMsg})
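Review bot: In the error branch after `dc.LoadIacFile(file, options)`, `errMsg` is built as `fmt.Sprintf("error while parsing file %s", file)` and drops `err`, whereas the ARM and CFT loaders in this commit include `err: %v`, so the cause of a Dockerfile parse failure is lost from the reported scan error. The next line also calls `zap.S().Errorf` with a message that has no format verbs while passing `zap.String(...)` and `errMsg` as arguments, which renders them as extra operands rather than structured fields; use `Errorw` with key/value pairs or add verbs to the message.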
3 changes: 2 additions & 1 deletion pkg/iac-providers/docker/v1/load-dir_test.go
Expand Up @@ -41,6 +41,7 @@ func TestLoadIacDir(t *testing.T) {
tests := []struct {
name string
dirPath string
options map[string]interface{}
dockerV1 DockerV1
want output.AllResourceConfigs
wantErr error
Expand Down Expand Up @@ -94,7 +95,7 @@ func TestLoadIacDir(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {

got, gotErr := tt.dockerV1.LoadIacDir(tt.dirPath, false)
got, gotErr := tt.dockerV1.LoadIacDir(tt.dirPath, tt.options)
me, ok := gotErr.(*multierror.Error)
if !ok {
t.Errorf("expected multierror.Error, got %T", gotErr)
2 changes: 1 addition & 1 deletion pkg/iac-providers/docker/v1/load-file.go
Expand Up @@ -41,7 +41,7 @@ const (
)

// LoadIacFile loads the docker file specified and create ResourceConfig for each dockerfile
func (dc *DockerV1) LoadIacFile(absFilePath string) (allResourcesConfig output.AllResourceConfigs, err error) {
func (dc *DockerV1) LoadIacFile(absFilePath string, options map[string]interface{}) (allResourcesConfig output.AllResourceConfigs, err error) {
allResourcesConfig = make(map[string][]output.ResourceConfig)

data, comments, err := dc.Parse(absFilePath)
3 changes: 2 additions & 1 deletion pkg/iac-providers/docker/v1/load-file_test.go
Expand Up @@ -127,6 +127,7 @@ func TestLoadIacFile(t *testing.T) {
tests := []struct {
name string
absFilePath string
options map[string]interface{}
dockerV1 DockerV1
want output.AllResourceConfigs
wantErr error
Expand Down Expand Up @@ -155,7 +156,7 @@ func TestLoadIacFile(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {

got, gotErr := tt.dockerV1.LoadIacFile(tt.absFilePath)
got, gotErr := tt.dockerV1.LoadIacFile(tt.absFilePath, tt.options)
if tt.want != nil {
if got == nil || !reflect.DeepEqual(got, tt.want) {
t.Errorf("unexpected result; got: '%#v', want: '%v'", got, tt.want)
2 changes: 1 addition & 1 deletion pkg/iac-providers/helm/v3/load-dir.go
Expand Up @@ -42,7 +42,7 @@ var (
)

// LoadIacDir loads all helm charts under the specified directory
func (h *HelmV3) LoadIacDir(absRootDir string, nonRecursive bool) (output.AllResourceConfigs, error) {
func (h *HelmV3) LoadIacDir(absRootDir string, options map[string]interface{}) (output.AllResourceConfigs, error) {

allResourcesConfig := make(map[string][]output.ResourceConfig)

3 changes: 2 additions & 1 deletion pkg/iac-providers/helm/v3/load-dir_test.go
Expand Up @@ -45,6 +45,7 @@ func TestLoadIacDir(t *testing.T) {
name string
dirPath string
helmv3 HelmV3
options map[string]interface{}
want output.AllResourceConfigs
wantErr error
resourceCount int
Expand Down Expand Up @@ -79,7 +80,7 @@ func TestLoadIacDir(t *testing.T) {

for _, tt := range table {
t.Run(tt.name, func(t *testing.T) {
resources, gotErr := tt.helmv3.LoadIacDir(tt.dirPath, false)
resources, gotErr := tt.helmv3.LoadIacDir(tt.dirPath, tt.options)
me, ok := gotErr.(*multierror.Error)
if !ok {
t.Errorf("expected multierror.Error, got %T", gotErr)